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(54) Transferring copyright protected contents using radio link layer authentication/encryption 



(57) Between a transmitting device (101) and a re- 
ceiving device (102), a first authentication and key ex- 
change procedure (13) depending on a radio link layer 
network is carried out, and then a whole or a part of a 
second authentication and key exchange procedure 
(1 6) depending on the copyright protected contents data 
is carried out by using the cipher communication using 



a first encryption key that is shared between the trans- 
mitting device (101) and the receiving device (102) by 
the first authentication and key exchange procedure, so 
that the contents data transfer by the cipher communi- 
cation using a second encryption key can be carried out 
only between legitimate pair of the transmitting device 
(101) and the receiving device (102) that can success- 
fully complete the first authentication. 
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Description 

[0001] The present invention relates to a scheme for 
transferring data that require the copyright protection, 
through radio. 

[0002] In recent years, the digital network technology 
has been developing rapidly. There is no limit to the ad- 
vance of the network technology such as portable tele- 
phone and Internet, and its applications are not limited 
to just the speech communications and becoming more 
diverse. The typical examples of such diverse applica- 
tions include the music distribution on the Internet and 
the music distribution through a radio data network (i- 
mode, etc.) using portable telephones. 
[0003] On the other hand, a new field called digital 
home electronics is also attracting much attention. This 
is a new home electronics technology utilizing the digital 
technology, and in particular, fields such as digital 
broadcasting and "digital AV home electronics" that uti- 
lizes the digital AV technology such as MD, DVD, etc. 
are expected to have considerable growth potential. 
[0004] A field of "network home electronics" can be 
regarded as an amalgamation of these fields. In this 
field, the digital AV data (MPEG2 video, etc.) can be ex- 
changed through networks such as IEEE 1394, and 
there is potential for newly creating many applications. 
[0005] Under such circumstances, the problem of the 
copyright protection requires much consideration. The 
digital data have an advantageous feature in that they 
can be easily processed or stored without any degrada- 
tion, but this feature in turn implies that they can be eas- 
ily copied. Consequently, the digital data (such as those 
of movies or music, for example) that are intended to be 
purchased in exchange to some payment can be easily 
copied and acquired or transferred illegally. 
[0006] For this reason, it is important to construct a 
mechanism for preventing the illegal act with respect to 
the copyright protected digital data. 
[0007] A representative example of such a mecha- 
nism is DTCP (Digital Transmission Contents Protec- 
tion) of the IEEE 1394. This mechanism prevents the 
eavesdropping by the third party by carrying out the au- 
thentication and key exchange procedure between a 
transmitting device and a receiving device of the AV data 
on the IEEE 1394 so as to share an encryption key for 
encrypting or decrypting the AV data, and transferring 
the AV data on the IEEE 1394 after encrypting the AV 
data by using this encryption key. This mechanism also 
incorporates a mechanism for preventing the illegal 
copy by an illegal receiving device by permitting the 
above described authentication and the key exchange 
(more specifically, the exchange of Certificate) only be- 
tween those devices for which the safety is guaranteed 
in advance. 

[0008] However, this mechanism presupposes the 
wired network such as IEEE 1394 or USB. In the case 
of the AV data transfer using the radio network, the AV 
data can be transferred between any devices (there is 



no need to connect devices through a cable so that it is 
possible to receive the AV data by simply commanding 
transmission via the radio), so that the third party can 
eavesdrop the AV data and the illegal act cannot be pre- 
5 vented. 

[0009] It is therefore an object of the present invention 
to provide a scheme for transferring copyright protected 
contents data which is capable of realizing the secure 
copyright protection even under the radio environment. 

10 [0010] According to one aspect of the present inven- 
tion there is provided a transmitting device for transmit- 
ting copyright protected contents data to a receiving de- 
vice through radio communications, transmitting device 
comprising: a first authentication unit configured to carry 

15 out a first authentication with the receiving device, for 
judging whether the receiving device is a device that is 
allowed to communicate with the transmitting device or 
not, on a radio link layer of the radio communications; a 
first key exchange unit configured to generate a first en- 

20 cryption key and share the first encryption key with the 
receiving device when the first authentication with the 
receiving device by the first authentication unit is suc- 
cess; a second authentication unit configured to carry 
out a second authentication with the receiving device, 

25 for protecting copyright of the contents data to be trans- 
mitted, through an encrypted radio communication us- 
ing the first encryption key; a second key exchange unit 
configured to generate a second encryption key and 
share the second encryption key with the receiving de- 

30 vice when the second authentication with the receiving 
device by the second authentication unit is success; and 
a communication unit configured to transmit the con- 
tents data to the receiving device through an encrypted 
communication path which is encrypted by using the 

35 second encryption key and provided on the radio link 
layer. 

[001 1 ] According to another aspect of the present in- 
vention there is provided a transmitting device for trans- 
mitting copyright protected contents data to a receiving 

40 device through radio communications, transmitting de- 
vice comprising: a first authentication unit configured to 
carry out a first authentication with the receiving device, 
forjudging whether the receiving device is a device that 
is allowed to communicate with the transmitting device 

45 or not, on a radio link layer of the radio communications; 
a first key exchange unit configured to generate a first 
encryption key and share the first encryption key with 
the receiving device when the first authentication with 
the receiving device by the first authentication unit is 

50 success; a second authentication unit configured to car- 
ry out a second authentication with the receiving device, 
for protecting copyright of the contents data to be trans- 
mitted, through an encrypted radio communication us- 
ing the first encryption key; a second key exchange unit 

55 configured to generate a second encryption key and 
share the second encryption key with the receiving de- 
vice when the second authentication with the receiving 
device by the second authentication unit is success; and 
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a communication unit configured to set up an encrypted 
communication path which is encrypted by using the 
second encryption key on the encrypted radio commu- 
nication which is encrypted by using the first encryption 
key, and transmit the contents data to the receiving de- 
vice through the encrypted communication path. 
[0012] According to another aspect of the present in- 
vention there is provided a receiving device for receiving 
copyright protected contents data transmitted from a 
transmitting device through radio communications, the 
receiving device comprising: a first authentication unit 
configured to carry out a first authentication with the 
transmitting device, for enabling the receiving device to 
operate as a device that is allowed to communicate with 
the transmitting device, on a radio link layer of the radio 
communications; a first key exchange unit configured to 
generate a first encryption key and share the first en- 
cryption key with the transmitting device when the first 
authentication with the transmitting device by the first 
authentication unit is success; a second authentication 
unit configured to carry out a second authentication with 
the transmitting device, for protecting copyright of the 
contents data to be transmitted, through an encrypted 
radio communication using the first encryption key; a 
second key exchange unit configured to generate a sec- 
ond encryption key and share the second encryption key 
with the transmitting device when the second authenti- 
cation with the transmitting device by the second au- 
thentication unit is success; and a communication unit 
configured to receive the contents data transmitted from 
the transmitting device through an encrypted communi- 
cation path which is encrypted by using the second en- 
cryption key and provided on the radio link layer. 
[001 3] According to another aspect of the present in- 
vention there is provided a receiving device for receiving 
copyright protected contents data transmitted from a 
transmitting device through radio communications, the 
receiving device comprising: a first authentication unit 
configured to carry out a first authentication with the 
transmitting device, for enabling the receiving device to 
operate as a device that is allowed to communicate with 
the transmitting device, on a radio link layer of the radio 
communications; a first key exchange unit configured to 
generate a first encryption key and share the first en- 
cryption key with the transmitting device when the first 
authentication with the transmitting device by the first 
authentication unit is success; a second authentication 
unit configured to carry out a second authentication with 
the transmitting device, for protecting copyright of the 
contents data to be transmitted, through an encrypted 
radio communication using the first encryption key; a 
second key exchange unit configured to generate a sec- 
ond encryption key and share the second encryption key 
with the transmitting device when the second authenti- 
cation with the transmitting device by the second au- 
thentication unit is success; and a communication unit 
configured to set up an encrypted communication path 
which is encrypted by using the second encryption key 



on the encrypted radio communication which is encrypt- 
ed by using the first encryption key, and receive the con- 
tents data transmitted from the transmitting device 
through the encrypted communication path. 

5 [0014] According to another aspect of the present in- 
vention there is provided a radio communication sys- 
tem, comprising a transmitting device for transmitting 
copyright protected contents data through radio com- 
munications, and a receiving device for receiving the 

10 contents data transmitted from the transmitting device, 
each one of the transmitting device and the receiving 
device having: a first authentication unit configured to 
carry out a first authentication between the transmitting 
device and the receiving device, forjudging whetherthe 

15 transmitting device and the receiving device are devices 
that are allowed to communicate with the transmitting 
device or not, on a radio link layer of the radio commu- 
nications; a first key exchange unit configured to gener- 
ate a first encryption key and share the first encryption 

20 key between the transmitting device and the receiving 
device when the first authentication between the trans- 
mitting device and the receiving device by the first au- 
thentication unit is success; a second authentication unit 
configured to carry out a second authentication between 

25 the transmitting device and the receiving device, for pro- 
tecting copyright of the contents data to be transmitted, 
through an encrypted radio communication using the 
first encryption key; a second key exchange unit config- 
ured to generate a second encryption key and share the 

30 second encryption key between the transmitting device 
and the receiving device when the second authentica- 
tion between the transmitting device and the receiving 
device by the second authentication unit is success; and 
a communication unit configured to transfer the contents 

35 data from the transmitting device to the receiving device 
through an encrypted communication path which is en- 
crypted by using the second encryption key and provid- 
ed on the radio link layer. 

[0015] According to another aspect of the present in- 

40 vention there is provided a radio communication sys- 
tem, comprising a transmitting device for transmitting 
copyright protected contents data through radio com- 
munications, and a receiving device for receiving the 
contents data transmitted from the transmitting device, 

45 each one of the transmitting device and the receiving 
device having: a first authentication unit configured to 
carry out a first authentication between the transmitting 
device and the receiving device, forjudging whetherthe 
transmitting device and the receiving device are devices 

50 that are allowed to communicate with the transmitting 
device or not, on a radio link layer of the radio commu- 
nications; a first key exchange unit configured to gener- 
ate a first encryption key and share the first encryption 
key between the transmitting device and the receiving 

55 device when the first authentication between the trans- 
mitting device and the receiving device by the first au- 
thentication unit is success; a second authentication unit 
configured to carry out a second authentication between 
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the transmitting device and the receiving device, for pro- 
tecting copyright of the contents data to be transmitted, 
through an encrypted radio communication using the 
first encryption key; a second key exchange unit config- 
ured to generate a second encryption key and share the 
second encryption key between the transmitting device 
and the receiving device when the second authentica- 
tion between the transmitting device and the receiving 
device by the second authentication unit is success; and 
a communication unit configured to set up an encrypted 
communication path which is encrypted by using the 
second encryption key on the encrypted radio commu- 
nication which is encrypted by using the first encryption 
key, and transfer the contents data from the transmitting 
device to the receiving device through the encrypted 
communication path. 

[001 6] According to another aspect of the present in- 
vention there is provided a contents data transfer meth- 
od in a radio communication system comprising a trans- 
mitting device for transmitting copyright protected con- 
tents data through radio communications and a receiv- 
ing device for receiving the contents data transmitted 
from the transmitting device, the contents data transfer 
method comprising: carrying out a first authentication 
between the transmitting device and the receiving de- 
vice, forjudging whether the transmitting device and the 
receiving device are devices that are allowed to com- 
municate with the transmitting device or not, on a radio 
link layer of the radio communications; generating a first 
encryption key and sharing the first encryption key be- 
tween the transmitting device and the receiving device 
when the first authentication between the transmitting 
device and the receiving device is success; carrying out 
a second authentication between the transmitting de- 
vice and the receiving device, for protecting copyright of 
the contents data to be transmitted, through an encrypt- 
ed radio communication using the first encryption key; 
generating a second encryption key and sharing the 
second encryption key between the transmitting device 
and the receiving device when the second authentica- 
tion between the transmitting device and the receiving 
device is success; and transferring the contents data 
from the transmitting device to the receiving device 
through an encrypted communication path which is en- 
crypted by using the second encryption key and provid- 
ed on the radio link layer. 

[001 7] According to another aspect of the present in- 
vention there is provided a contents data transfer meth- 
od in a radio communication system comprising a trans- 
mitting device for transmitting copyright protected con- 
tents data through radio communications and a receiv- 
ing device for receiving the contents data transmitted 
from the transmitting device, the contents data transfer 
method comprising: carrying out a first authentication 
between the transmitting device and the receiving de- 
vice, forjudging whether the transmitting device and the 
receiving device are devices that are allowed to com- 
municate with the transmitting device or not, on a radio 



link layer of the radio communications; generating a first 
encryption key and sharing the first encryption key be- 
tween the transmitting device and the receiving device 
when the first authentication between the transmitting 

5 device and the receiving device is success; carrying out 
a second authentication between the transmitting de- 
vice and the receiving device, for protecting copyright of 
the contents data to be transmitted, through an encrypt- 
ed radio communication using the first encryption key; 

10 generating a second encryption key and sharing the 
second encryption key between the transmitting device 
and the receiving device when the second authentica- 
tion between the transmitting device and the receiving 
device is success; and setting up an encrypted commu- 

15 nication path which is encrypted by using the second 
encryption key on the encrypted radio communication 
which is encrypted by using the first encryption key, and 
transferring the contents data from the transmitting de- 
vice to the receiving device through the encrypted com- 

20 munication path. 

[0018] Other features and advantages of the present 
invention will become apparent from the following de- 
scription taken in conjunction with the accompanying 
drawings. 

25 [0019] Fig. 1 is a schematic diagram showing an ex- 
emplary configuration of a radio communication system 
according to the first embodiment of the present inven- 
tion. 

[0020] Fig. 2 is a block diagram showing an exempla- 

30 ry internal configuration of a portable PEG4 player in the 
radio communication system of Fig. 1 . 
[0021] Fig. 3 is a block diagram showing an exempla- 
ry internal configuration of a portable viewer in the radio 
communication system of Fig. 1 . 

35 [0022] Fig. 4 is a flow chart showing an outline of a 
Bluetooth layer authentication procedure in the radio 
communication system of Fig. 1 . 
[0023] Fig. 5 is a sequence chart showing an exem- 
plary operation sequence between a portable MPEG4 

40 player and a portable viewer which are a legitimate pair 
in the radio communication system of Fig. 1 . 
[0024] Fig. 6 is a sequence chart showing an exem- 
plary operation sequence between a portable MPEG4 
player and a portable viewer which are not a legitimate 

45 pair in the radio communication system of Fig. 1 . 

[0025] Fig. 7 is a block diagram showing an exempla- 
ry internal configuration of a portable PEG4 player in a 
radio communication system according to the second 
embodiment of the present invention. 

50 [0026] Fig. 8 is a block diagram showing an exempla- 
ry internal configuration of a portable viewer in a radio 
communication system according to the second embod- 
iment of the present invention. 

[0027] Fig. 9 is a sequence chart showing an exem- 
55 piary operation sequence between a portable MPEG4 
player and a portable viewer which are a legitimate pair 
in a radio communication system according to the sec- 
ond embodiment of the present invention. 
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[0028] Referring now to Fig. 1 to Fig. 6, the first em- 
bodiment of the present invention will be described in 
detail. 

[0029] Fig. 1 shows an exemplary configuration of a 
radio communication system according to the first em- 
bodiment. As shown in Fig. 1 , a portable MPEG4 player 
1 01 to be a source device and a portable viewer 1 02 to 
be a corresponding sink device are located within an ar- 
ea in which a connection by a local area radio network 
is possible (it is assumed that each one of the portable 
MPEG4 player 101 and the portable viewer 102 has a 
radio interface for this local area radio network). 
[0030] Here, as shown in Fig. 1 , suppose that a port- 
able viewer 103 (which is assumed to have the same 
basic configuration as the portable viewer 102) is also 
located within an area in which a connection by the local 
area radio network is possible, besides the portable 
MPEG4 player 1 01 and the portable viewer 1 02. 
[0031 ] Namely, these three portable terminals are ex- 
isting in the same radio LAN (a single pico-net in the 
case of the Bluetooth), within an area in which the 
MPEG4 video can be transferred from the portable 
MPEG4 player to either portable viewer via the Blue- 
tooth. Then, it is assumed that the portable MPEG4 
player 101 and the portable viewer 102 are owned by 
the same person, say Mr. A, (they are intended to be 
used as a pair by Mr. A), whereas the portable viewer 
1 03 is owned by a person other than Mr. A, say Mr. B (it 
is not intended to be used by Mr. A). Note that the port- 
able viewer 1 03 will be considered for the sake of sim- 
plicity, but any other portable viewer owned by a person 
other than Mr. A that is existing in the connectable area 
can be treated similarly as the portable viewer 1 03. 
[0032] Here, it is also assumed that the M P EG4 video 
(MPEG4 data) to be transferred should be transferred 
after applying the copyright protection. 
[0033] Note also that the local area radio network is 
assumed to be the Bluetooth here. The Bluetooth is a 
kind of the radio LAN characterized by its low cost and 
low power consumption, which is expected to be imple- 
mented in many portable terminals and home electron- 
ics (see documents available at "http://www.bluetooth. 
com" for further details). 

[0034] In the following, the configuration for enabling 
the transfer of the MPEG4 video from the portable 
MPEG4 player 101 only with respect to the portable 
viewer 102 (such that the MPEG4 video can be play- 
backed only by the portable viewer 1 02) under the cir- 
cumstance shown in Fig. 1 will be described. 
[0035] Fig. 2 shows an exemplary internal configura- 
tion of the portable MPEG4 player 101 . As shown in Fig. 
2, the portable MPEG4 player 101 has a Bluetooth in- 
terface (radio interface) 11 for carrying out the physical 
layer processing of the Bluetooth, and a Bluetooth com- 
munication processing unit 1 2 for carrying out the data- 
link layer processing of the Bluetooth. 
[0036] The specifications of the Bluetooth specify the 
authentication, key exchange and data encryption 



scheme called "Bluetooth Security". In other words, a 
scheme for the data encryption and the authentication 
and key exchange is already defined within the link layer 
scheme called Bluetooth. The portable MPEG4 player 
5 1 01 has processing units for carrying out this process- 
ing, including a Bluetooth authentication and key ex- 
change processing unit 13 for carrying out the Bluetooth 
authentication and key exchange procedure (data ex- 
change), a PIN code input unit 14 for entering a PIN 
code, and a Bluetooth layer encryption and decryption 
unit 15 for carrying out the encryption of data to be trans- 
mitted and the decryption of received data. The authen- 
tication at the Bluetooth level is designed such that 
matching of a code called PIN code (which is given by 
a number in several digits or a password, or a body in- 
formation such as fingerprint information, for example) 
on both sides is required for the success of the authen- 
tication. 

[0037] Besides these, the portable MPEG4 player 
101 has an MPEG4 storage 19 for storing MPEG4 AV 
data, and a packet assembling unit 18 for assembling 
Bluetooth packets from the MPEG4 AV data. The port- 
able MPEG4 player 101 also has processing units on 
the copyright protection layer (application level) for 
transferring the MPEG4 data in encrypted form includ- 
ing a DTCP authentication and key exchange unit 1 6 for 
carrying out the DTCP authentication and key exchange 
procedure (data exchange) and a DTCP encryption unit 
1 7 for encrypting data to be transmitted. 
[0038] Here, DTCP stands for Digital Transmission 
Contents Protection, which is the de facto standard cop- 
yright protection scheme in the IEEE 1394, USB, etc. 
This scheme has a mechanism for carrying out the au- 
thentication and key exchange between the transmitting 
device and the receiving device, and transferring the AV 
data by encrypting them, with respect to the AV data that 
require the copyright protection (which can be identified 
as information indicating whether the copyright protec- 
tion is required or not is attached to the AV data, for ex- 
ample) (see documents available from "http://www.dtla. 
com" for further details). 

[0039] Fig. 3 shows an exemplary internal configura- 
tion of the portable viewer 1 02 (1 03). As shown in Fig. 
3, the portable viewer 1 02 has a Bluetooth interface 21 , 
a Bluetooth communication processing unit 22, 
processing units for carrying out the authentication and 
key exchange and the encryption at the Bluetooth level 
including a Bluetooth authentication and key exchange 
processing unit 23 for carrying out the Bluetooth authen- 
tication and key exchange procedure (data exchange), 
a PIN code input unit 24 for entering a PIN code, and a 
Bluetooth layer encryption and decryption unit 25 for 
carrying out the encryption of data to be transmitted and 
the decryption of received data, and processing units for 
carrying out the authentication and key exchange and 
the encryption of the AV data (on application level) in- 
cluding a DTCP authentication and key exchange unit 
26 for carrying out the DTCP authentication and key ex- 
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change procedure (data exchange) and a DTCP en- 
cryption unit 27 for decrypting received data. 
[0040] The portable viewer 1 02 also has a packet re- 
assembling unit 28 for re-assembling the MPEG4 data 
from the Bluetooth packets, an MPEG4 decoder 29 for 
decoding the MPEG4 data, and a display 30 for display- 
ing the decoded MPEG4 data. 

[0041] Fig. 4 shows an outline of the authentication 
procedure on the Bluetooth layer. 
[0042] First, at each device (the portable MPEG4 
player, the portable viewer), the PIN code is entered 
(step S1 ). Note that the PIN code can be newly entered 
at each occasion or can be entered and set up in ad- 
vance. 

[0043] Then, the both devices carry out the authenti- 
cation procedure on the Bluetooth layer (using the Blue- 
tooth authentication and key exchange processing units 
13 and 23) (step S2). 

[0044] The PIN codes are exchanged between the 
both devices and if the authentication is success as 
these PIN codes coincide (step S3 YES), the key ex- 
change procedure on the Bluetooth layer is carried out 
and the key sharing is realized successfully (step S4). 
[0045] After that, by using the Bluetooth layer key that 
is shared (by the Bluetooth layer encryption and decryp- 
tion units 15 and 25), the DTCP authentication and key 
exchange (by the DTCP authentication and key ex- 
change units 16 and 26) can be carried out safely. As a 
result, the DTCP key is shared and the cipher commu- 
nication of the MPEG4 data becomes possible (it be- 
comes possible to encrypt data at the DTCP encryption 
unit 17 and decrypt data at the DTCP decryption unit 
27). 

[0046] On the other hand, when the authentication is 
failure as the PIN codes do not coincide (step S3 NO), 
the key exchange procedure on the Bluetooth layer is 
carried out butthe key sharing is unsuccessful (step S5). 
[0047] In this case, the Bluetooth layer key will not be 
shared so that even when the DTCP authentication and 
key exchange (by the DTCP authentication and key ex- 
change units 16 and 26) is carried out, the DTCP au- 
thentication and key exchange will be unsuccessful (the 
DTCP key cannot be shared), because the decryption 
by using an incorrect Bluetooth layer key will be carried 
out. In addition, if the DTCP authentication and key ex- 
change is unsuccessful, even when the MPEG4 data 
that are encrypted (by using the DTCP key at the DTCP 
encryption unit 17) are received, the received MPEG4 
data cannot be decrypted because a correct DTCP key 
is not known at the DTCP decryption unit 27. 
[0048] Note that it is also possible to adopt a proce- 
dure in which the key exchange procedure on the Blue- 
tooth layer itself is not to be carried out in the case where 
the authentication fails as the PIN codes of the both de- 
vices do not coincide. 

[0049] Note also that the authentication is considered 
as success when the PIN codes of the both devices co- 
incide in this embodiment, but alternatively, it is also 



possible to adopt a scheme in which the authentication 
is considered as success when the PIN code value of 
one side and the PIN code value of the other side are 
in a prescribed relationship (such as a relationship in 

5 which a part of the address information is utilized as the 
user attribute information, for example). Note here that 
a relationship in which the PIN code values of the both 
devices coincide can also be regarded as a kind of pre- 
scribed relationship. 

10 [0050] Here, the variations of the PIN codes will be 
described. 

[0051 ] First, there are several variations in the method 
for entering or setting up the PIN code, including (1) a 
method in which the user enters the PIN code at each 

15 occasion, (2) a method in which the user sets up the PIN 
code in advance, (3) a method in which the manufactur- 
er or the retailer sets up the PIN code in advance (in a 
form that cannot be changed by the user), and (4) a 
method for using all or a part of the above (1) to (3) in 

20 combination (such as a method for concatenating a 
code of (1 ) and a code of (3)), for example. There is also 
a method in which the user is allowed to select one of 
the above (1) and (2) appropriately, for example. 
[0052] There are also several variations in the content 

25 of the PIN code. 

[0053] In the case of the above (1) or (2), there is a 
method in which the user determines the PIN code at 
each occasion. There is also a method in which a pass- 
word is generated randomly at one device (the portable 

30 MPEG4 player, for example) and this password is stored 
in that one device side as the PIN code and presented 
to the user, and the user who read this password enters 
the same password into the other device (the portable 
viewer, for example). There is also a method for using 

35 the fingerprint information, the voiceprint information, or 
the cornea information (in which case there is a need 
for a device for acquiring such information which can be 
either provided in the portable MPEG4 player or the 
portable viewer, or which can be externally connectable 

40 to the portable MPEG4 player or the portable viewer). 
[0054] Also, in the case of the above (2), there is a 
method in which the user attribute information is regis- 
tered in the portable MP EG4 player orthe portable view- 
er and the PIN code is generated according to this in- 

45 formation (such as user name, address, age, school 
name, occupation, company name, section name, 
names of family members, for example). However, an 
information from which the PIN code is to generated 
must have a value that can make the PIN codes on the 

50 both devices identical, such as an identical value, for 
example. 

[0055] Also, in the case of the above (3), there is a 
method in which the manufacturer orthe retailer sets up 
the identical random number in one set of the portable 
55 MPEG4 player and the portable viewer at a time of man- 
ufacturing or selling. There is also a method in which the 
retailer acquires the user's fingerprint information orthe 
like at a time of selling and sets it up in one set of the 
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portable MPEG4 player and the portable viewer. 
[0056] Now, the portable MPEG4 player and the port- 
able viewer of this embodiment are realizing the situa- 
tion in which "the AV data transfer applications will be 
operated properly between player and viewer that are 
legitimate pair" and "the AV data transfer applications 
will not be operated properly between player and viewer 
that are not legitimate pair (the AV data cannot be re- 
produced properly on the viewer)". For example, when 
the portable MPEG4 player and the portable viewer 
owned by the same person are the legitimate pair, it is 
possible to realize the environment in which data from 
the portable MPEG4 player owned by himself can be 
reproduced by the portable viewer owned by himself, 
but data from the portable M PEG4 player owned by him- 
self cannot be reproduced by the portable viewer owned 
by someone else, and data from the portable MPEG4 
player owned by someone else cannot be reproduced 
by the portable viewer owned by himself. 
[0057] In other words, in the case of using radio as 
interface in general, the radio signals outputted from the 
player are naturally put in a state where they can be re- 
ceived by any viewer with in a certain range, sothatfrom 
a viewpoint of the viewer side, this implies that each 
portable viewer is allowed to access (command trans- 
mission of) data regardless of whether it is a portable 
viewer of the legitimate pair or not. Here, on the copy- 
right protection layer, if the both devices (a transmitting 
side device and a receiving side device) are DTCP com- 
pliant (DTCP based) devices, the authentication and 
key exchange can be successfully done in either case. 
In other words, on the copyright protection layer whether 
a correspondent device is a device of the legitimate pair 
or not cannot be distinguished. For this reason, in this 
embodiment, the Bluetooth level authentication is uti- 
lized for the purpose of distinguishing whether a corre- 
spondent device is a device of the legitimate pair or not. 
[0058] Namely, when the authentication and key ex- 
change at the Bluetooth level is successful, it is judged 
that this implies a correspondent device is a device of 
the legitimate pair, and a transition to the authentication 
and key exchange at the application level (the DTCP 
level) is made. When the authentication and key ex- 
change at the Bluetooth level is unsuccessful, it is 
judged that this implies a correspondent device is not a 
device of the legitimate pair, and a transition to the au- 
thentication and key exchange at the application level 
(the DTCP level) is refused. 

[0059] This is because when the authentication and 
key exchange at the Bluetooth level is successful, it can 
be ascertained that the both devices (a transmitting de- 
vice and a receiving device) are the devices of the legit- 
imate pair. Namely, the authentication at the Bluetooth 
level is an authentication procedure using the PIN code 
values, which succeeds when "the same PIN code (a 
number in several digits or password, or fingerprint in- 
formation, etc., for example) can be entered into the 
both devices (a transmitting device and a receiving de- 



vice)" or"thesame PIN code is set up intheboth devices 
(a transmitting device and a receiving device)", so that 
the success of the authentication at the Bluetooth level 
can be considered as sufficient for conjecturing or rec- 
5 ognizing that the both devices are the legitimate pair (a 
probability in which the PIN codes entered into devices 
which are not the legitimate pair to coincide by accident 
is sufficiently small). 

[0060] For example, in the case where the portable 
10 MPEG4 player and the portable viewer owned by the 
same person are to be regarded as the legitimate pair, 
Mr. A can enter the same PIN code (password) into his 
own portable MPEG4 player and portable viewer, but it 
is extremely difficult for Mr. B to guess and enter this 
15 same PIN code (password) into his own portable viewer, 
so that it is possible to judge that the portable MPEG4 
player and the portable viewer are the legitimate pair 
owned by the same person if the entered PIN codes are 
identical, and that they are illegitimate pair owned by 
20 different persons if the entered PIN codes are different. 
Also, in the case of using the fingerprint information or 
the like for the PIN code, it is impossible for Mr. B to 
enter the same PIN code (fingerprint information or the 
like) as that of Mr. A into his own portable viewer unless 
25 Mr. B has stolen the fingerprint information or the like of 
Mr. A. 

[0061] Here, the exemplary case of exchanges be- 
tween the portable MPEG4 player 1 01 and the portable 
viewer 102 and exchanges between the portable 
30 MPEG4 player 1 01 and the portable viewer 1 03 will be 
described. 

[0062] Fig. 5 shows an exemplary sequence to be car- 
ried out between the portable MPEG4 player 101 and 
the portable viewer 1 02 of Mr. A which are the legitimate 
35 pair. Note that, in Fig. 5, aspects related to the encryp- 
tion and decryption at the link layer are omitted as they 
are obvious. 

[0063] In this case, first, the PIN code is entered by a 
prescribed method at a prescribed timing (in advance 
40 or before the actual use, for example) into both the port- 
able MPEG4 player 101 and the portable viewer 102 
(steps S11 and S12). Here, the value of the PIN code 
entered at the portable MPEG4 player 101 side is as- 
sumed to be "x", and it is assumed that the same value 
45 M x" is also entered as the PIN code value at the portable 
viewer 102 side. As the PIN code values on both devices 
coincide, it is possible in this case to complete the sub- 
sequent Bluetooth layer authentication procedure suc- 
cessfully. 

50 [0064] Then, the Bluetooth layer link key sharing pro- 
cedure is carried out (step S13), and a value of the link 
key Kl to be used in the subsequent authentication and 
key exchange is shared (steps S14 and S15). 
[0065] Then, the Bluetooth layer authentication pro- 
55 cedure is carried out (step S1 6). In this case, the same 
PIN code is shared sothatthe authentication is success. 
[0066] Then, the Bluetooth layer key exchange pro- 
cedure is carried out (step S17), and a value of the Blue- 
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tooth layer encryption key Kbt is shared (steps S1 8 and 
S19). 

[0067] As a result, it becomes possible to carry out 
the exchange of any data in the encrypted form (such 
that the others cannot eavesdrop or rewrite the data) on 
the Bluetooth layer between the both devices. 
[0068] Next, the portable MPEG4 player 1 01 and the 
portable viewer 102 move on to the DTCP (copyright 
protection layer) authentication and key exchange 
phase. Here, it is preferable for the both devices to carry 
out a whole or a part of the DTCP authentication and 
key exchange procedure by applying the encryption at 
the Bluetooth level. In this way, it becomes possible to 
guarantee that the DTCP authentication and key ex- 
change is carried out (completed) only between devices 
of the legitimate pair (which have successfully complet- 
ed the Bluetooth level authentication and key ex- 
change), so that it becomes possible to successfully 
complete the copyright protection layer (DTCP) level au- 
thentication and key exchange only between devices of 
the legitimate pair (which are owned by the same per- 
son, for example), and it becomes possible to share the 
copyright protection layer (DTCP) level encryption key 
only between devices of the legitimate pair (which are 
owned by the same person, for example). 
[0069] Next, the portable MPEG4 player 1 01 and the 
portable viewer 102 carry out the DTCP authentication 
and key exchange by utilizing the Bluetooth layer level 
encryption (step S20), and the sharing of the encryption 
key Kc on the DTCP layer (copyright protection layer) 
between the both devices is realized (steps S21 and 
S22). 

[0070] After that, the portable MPEG4 player 101 that 
is a transmitting side device transmits the AV contents 
(MPEG4 data) to be transmitted by encrypting them by 
using the encryption key Kc, to the portable viewer 1 02 
which is a receiving side device (step S24). The portable 
viewer 102 can decrypt these encrypted contents and 
extracts the MPEG4 data because the DTCP level en- 
cryption key Kc is already shared. Namely, the portable 
viewer 1 02 decrypts the received encrypted contents by 
using the DTCP level encryption key Kc (step S25) and 
displays them on a display. 

[0071] In contrast, any other receiving device located 
in the same Bluetooth pico-net does not share the en- 
cryption key Kc because the DTCP level authentication 
and key exchange has not been carried out, and there- 
fore it cannot reproduce the data as will be described 
below. 

[0072] Fig. 6 shows an exemplary sequence to be car- 
ried out between the portable MPEG4 player 101 of Mr. 
A and the portable viewer 1 03 of Mr. B which are not the 
legitimate pair. 

[0073] First, the respective PIN codes are entered by 
a prescribed method at a prescribed timing (in advance 
or before the actual use, for example) into the portable 
MPEG4 player 101 and the portable viewer 103 (steps 
S31 and S32). 



[0074] However, in this case, if the value of the PIN 
code entered at the portable MPEG4 player 1 01 side is 
assumed to be "x" as described above, a probability for 
a value "x"' of the PIN code entered at the portable view- 
5 er 1 03 side to coincide with the value "x" is none or ex- 
tremely low. Namely, in the case where the user enters 
the PIN code manually, for example, it is highly unlikely 
to have the same PIN code entered into the both devices 
because these devices are devices owned by different 
persons. Also, in the case of registering the unique PIN 
code into devices of the legitimate pair in advance, the 
PIN codes of these devices will not coincide because 
the portable MPEG4 player 1 01 of Mr. A and the portable 
viewer 1 03 of Mr. B are assumed to be not the legitimate 
pair in this example. 

[0075] Thus, even when the Bluetooth layer link key 
sharing procedure is carried out (step S33) in an attempt 
to share the link key value to be used in the subsequent 
authentication and key exchange (steps S34 and S35), 
the link key Kl on the portable MPEG4 player 101 side 
and the link key Kl 1 on the portable viewer 1 03 side that 
are generated according to the respective PIN codes do 
not coincide because the PIN codes do not coincide, 
and therefore the sharing of the link key will fail. 
[0076] Consequently, even when the subsequent 
Bluetooth layer authentication procedure is carried out 
(step S36), this will also fail. As a result, the subsequent 
Bluetooth layer key exchange procedure will not be car- 
ried out. 

[0077] Then, as the Bluetooth encryption cannot be 
realized, it is impossible to move on to the DTCP au- 
thentication and key exchange procedure, and therefore 
the DTCP authentication and key exchange cannot be 
completed successfully. Namely, even when the DTCP 
authentication and key exchange request comes from 
the receiving side portable viewer 103 (step S37), if it 
has been sent in a form without the Bluetooth level en- 
cryption, this request will be rejected (step S38). As a 
result, the copyright protection level authentication and 
key exchange fails and therefore the copyright protected 
AV data cannot be transferred between devices which 
are not the legitimate pair (which are owned by different 
persons, for example). 

[0078] Note that, at a time of notifying the rejection 
message to the correspondent at the step S38, the rea- 
son for the rejection (because the encryption at the link 
layer, i.e., the Bluetooth layer is missing, or because the 
Bluetooth layer authentication has not been carried out) 
may be notified as well. Such a notification can urge the 
correspondent to carry out the Bluetooth layer authen- 
tication and key exchange if the correspondent is a le- 
gitimate one (owned by the same person, for example). 
[0079] Note that, in the above, it is assumed that the 
MPEG4 data are stored in the portable MPEG4 player, 
but it is also possible to acquire the MPEG4 data from 
the external, or store 1 the source data before the en- 
coding and generate the MPEG4 data by an MPEG4 
encoder provided therein, or acquire the source data 
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from the external and generate the MPEG4 data therein. 
It is also possible to apply the present invention to ex- 
change of data other than the MPEG4 video (MPEG4 
data). 

[0080] Note also that, in the above, it is assumed that 
there are one transmitting side device and one receiving 
side device, but it is also possible to apply the present 
invention to the data transfer from one transmitting de- 
vice to a plurality of receiving devices. In this case, in 
the sequence of Fig. 5 for example, the procedure up to 
the sharing of the encryption key Kc can be carried out 
between the portable MPEG4 player and each portable 
viewer separately, such that the encryption key Kc is 
shared by all the devices which have successfully com- 
pleted the authentication and key exchange. As a result, 
when the portable M PEG4 player transmits the AV con- 
tents by encrypting them by using the encryption key 
Kc, the legitimate portable viewers which have success- 
fully shared the encryption key Kc can decrypt the en- 
crypted contents and display them. Note that, in this 
case, it is also possible to set up an upper limit for the 
number of receiving devices to which the data can be 
transferred from the transmitting device simultaneously, 
separately for each transmitting device or for each con- 
tent. 

[0081] Referring now to Fig. 7 to Fig. 9, the second 
embodiment of the present invention will be described 
in detail. 

[0082] The first embodiment described above is di- 
rected to the case where a whole or a part of the copy- 
right protection layer (DTCP) authentication and key ex- 
change procedure is carried out through the Bluetooth 
layer encryption and decryption units. In contrast, this 
second embodiment is directed to the case where the 
transfer of the MPEG4 data (AV data) itself is also car- 
ried out through the Bluetooth layer encryption and de- 
cryption units. In the following, the differences from the 
first embodiment will be mainly described. 
[0083] Fig. 7 shows an exemplary internal configura- 
tion of the portable MPEG4 player 101 of this embodi- 
ment which corresponds to that of Fig. 2 in the first em- 
bodiment. Also, Fig. 8 shows an exemplary internal con- 
figuration of the portable viewer 102 (103) of this em- 
bodiment which corresponds to that of Fig. 3 in the first 
embodiment. In either one, a difference is that a Blue- 
tooth layer encryption and decryption unit 15 or 25 is 
connected between the Bluetooth communication 
processing unit 12 or 22 and the DTCP encryption unit 
17 or 27. 

[0084] Also, Fig. 9 shows an exemplary sequence in 
this embodiment which corresponds to that of Fig. 5 in 
thefirst embodiment. Note that, in Fig. 9, aspects related 
to the encryption and decryption at the link layer are 
omitted as they are obvious. 

[0085] This sequence differs from that of the first em- 
bodiment in that the double encryption using the DTCP 
layer (copyright protection layer) encryption key Kc and 
the Bluetooth layer encryption key Kbt is applied to the 



AV data. Namely, the portable MPEG4 player 101 en- 
crypts the copyright protected AV contents to be trans- 
mitted by using the encryption key Kc first, and then en- 
crypts the encrypted AV contents by using the encryp- 

5 tion key Kbt (step S54). Also, the portable viewer 102 
decrypts the received encrypted AV contents by using 
the encryption key Kbt first, and then decrypts the de- 
crypted AV contents by using the encryption key Kc 
(step S54). The other steps S41 to S53 and S55 of Fig. 

10 9 are similar to the steps S1 1 to S23 and S25 of Fig. 5 
described above. 

[0086] In comparison with the first embodiment, this 
second embodiment requires a slower processing 
speed because the Bluetooth encryption is applied to 

15 both the DTCP authentication and key exchange as well 
as the data encryption and decryption, but the device 
configuration can be made simpler. For example, in the 
case where the DTCP processing is carried out on a sin- 
gle LSI, all inputs and outputs can be passed through 

20 the Bluetooth layer encryption and decryption units so 
that the configuration can be simplified. 
[0087] Note that, in this second embodiment, similarly 
as in the first embodiment, it is highly unlikely to have 
the same PIN code entered into devices which are not 

25 the legitimate pair (which are owned by different per- 
sons, for example), so that the Bluetooth layer authen- 
tication procedure will fail. As a result, the subsequent 
Bluetooth layer key exchange procedure will not be car- 
ried out. Then, as the Bluetooth encryption cannot be 

30 realized, it is impossible to move on to the DTCP au- 
thentication and key exchange procedure, and therefore 
the DTCP authentication and key exchange cannot be 
completed successfully. Thus, the copyright protected 
AV data cannot be transferred between devices which 

35 are not the legitimate pair (which are owned by different 
persons, for example). 

[0088] As described, in the present invention, be- 
tween a transmitting device and a receiving device, a 
first authentication and key exchange procedure de- 

40 pending on a radio link layer network is carried out, and 
then a whole or a part of a second authentication and 
key exchange procedure depending on the copyright 
protected contents data is carried out by using the cipher 
communication using a first encryption key that is 

45 shared between the transmitting device and the receiv- 
ing device by the first authentication and key exchange 
procedure, so that the contents data transfer by the ci- 
pher communication using a second encryption key can 
be carried out only between legitimate pair of the trans- 

50 mitting device and the receiving device that can suc- 
cessfully complete the first authentication. 
[0089] Thus, according to the present invention, it is 
possible to share the encryption key properly only be- 
tween the legitimate devices which can successfully 

55 complete the authentication procedure, so that it be- 
comes possible to realize the data transfer using the ci- 
pher communication only between devices which have 
properly shared the encryption key. 
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[0090] It is to be noted that the above embodiments 
have been described for the exemplary case of using 
the Bluetooth as the radio LAN, butthere are many other 
radio LANs which have the security function such as the 
link layer level authentication and key exchange, en- 
cryption, etc., such as 802.11 radio LAN, WECA scheme 
radio LAN, Home RF scheme radio LAN, etc., and it is 
also possible to apply the present invention to any of 
these various other types of the radio LAN. 
[0091] It is also to be noted that the portable MPEG4 
player 101 and the portable viewer 102 used in the 
above embodiments are just examples of a transmitting 
device and a receiving device in general, and the display 
30 in the portable viewer 1 02 shown in Fig. 3 or Fig. 8 
is just an example of a unit for reproducing the contents 
data in general and can be replaced by any other suit- 
able type of such a contents data reproduction unit such 
as audio player in the case of dealing with audio data, 
for example. 

[0092] It is also to be noted that the above described 
embodiments according to the present invention may be 
conveniently implemented using a conventional general 
purpose digital computer programmed according to the 
teachings of the present specification, as will be appar- 
ent to those skilled in the computer art. Appropriate soft- 
ware coding can readily be prepared by skilled program- 
mers based on the teachings of the present disclosure, 
as will be apparent to those skilled in the software art. 
[0093] In particular, each one of the transmitting de- 
vice and the receiving device in each of the above de- 
scribed embodiments can be conveniently implemented 
in a form of a software package. 

[0094] Such a software package can be a computer 
program product which employs a storage medium in- 
cluding stored computer code which is used to program 
a computer to perform the disclosed function and proc- 
ess of the present invention. The storage medium may 
include, but is not limited to, any type of conventional 
floppy disks, optical disks, CD-ROMs, magneto-optical 
disks, ROMs, RAMs, EPROMs, EEPROMs, magnetic 
or optical cards, or any other suitable media for storing 
electronic instructions. 

[0095] It is also to be noted that, besides those al- 
ready mentioned above, many modifications and varia- 
tions of the above embodiments may be made without 
departing from the novel and advantageous features of 
the present invention. Accordingly, all such modifica- 
tions and variations are intended to be included within 
the scope of the appended claims. 



Claims 

1 . A transmitting device for transmitting copyright pro- 
tected contents data to a receiving device through 
radio communications, transmitting device com- 
prising: 



a first authentication unit configured to carry out 
a first authentication with the receiving device, 
forjudging whetherthe receiving device is a de- 
vice that is allowed to communicate with the 

5 transmitting device or not, on a radio link layer 

of the radio communications; 
a first key exchange unit configured to generate 
a first encryption key and share the first encryp- 
tion key with the receiving device when the first 

10 authentication with the receiving device by the 

first authentication unit is success; 
a second authentication unit configured to carry 
out a second authentication with the receiving 
device, for protecting copyright of the contents 

15 data to be transmitted, through an encrypted ra- 

dio communication using the first encryption 
key; 

a second key exchange unit configured to gen- 
erate a second encryption key and share the 
20 second encryption key with the receiving de- 

vice when the second authentication with the 
receiving device by the second authentication 
unit is success; and 

a communication unit configured to transmitthe 
25 contents data to the receiving device through 

an encrypted communication path which is en- 
crypted by using the second encryption key and 
provided on the radio link layer. 

30 2. A transmitting device for transmitting copyright pro- 
tected contents data to a receiving device through 
radio communications, transmitting device com- 
prising: 

35 a first authentication unit configured to carry out 

a first authentication with the receiving device, 
forjudging whetherthe receiving device is a de- 
vice that is allowed to communicate with the 
transmitting device or not, on a radio link layer 

40 of the radio communications; 

a first key exchange unit configured to generate 
a first encryption key and share the first encryp- 
tion key with the receiving device when the first 
authentication with the receiving device by the 

45 first authentication unit is success; 

a second authentication unit configured to carry 
out a second authentication with the receiving 
device, for protecting copyright of the contents 
data to be transmitted, through an encrypted ra- 

50 dio communication using the first encryption 

key; 

a second key exchange unit configured to gen- 
erate a second encryption key and share the 
second encryption key with the receiving de- 
55 vice when the second authentication with the 

receiving device by the second authentication 
unit is success; and 

a communication unit configured to set up an 
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encrypted communication path which is en- 
crypted by using the second encryption key on 
the encrypted radio communication which is 
encrypted by using the first encryption key, and 
transmit the contents data to the receiving de- 5 
vice through the encrypted communication 
path. 

3. A transmitting device according to either of claims 

1 or 2, wherein when the second authentication or 10 
sharing of the second encryption key is failure for a 
reason that the encrypted radio communication on 
the radio link layer is missing, one of the second 
authentication unit and the second key exchange 
unit notifies the failure and the reason to the receiv- 15 
ing device. 



erate a second encryption key and share the 
second encryption key with the transmitting de- 
vice when the second authentication with the 
transmitting device by the second authentica- 
tion unit is success; and 
a communication unit configured to receive the 
contents data transmitted from the transmitting 
device through an encrypted communication 
path which is encrypted by using the second 
encryption key and provided on the radio link 
layer. 

8. A receiving device for receiving copyright protected 
contents data transmitted from a transmitting de- 
vice through radio communications, the receiving 
device comprising: 



4. A transmitting device according to any of claims 1 
to 3, further comprising a storage unit configured to 
store the contents data. 

5. A transmitting device according to any of claims 1 
to 4, wherein the first authentication by the first au- 
thentication unit is success when a PIN code en- 
tered at the transmitting device and a PIN code no- 
tified from the receiving device are in a prescribed 
relationship. 

6. A transmitting device according to claim 5, wherein 
each PIN code contains at least one of a varying 
code information, a prescribed code information, a 
body information acquired from a body of a user, 
and an attribute information regarding attributes of 
the user. 

7. A receiving device for receiving copyright protected 
contents data transmitted from a transmitting de- 
vice through radio communications, the receiving 
device comprising: 

a first authentication unit configured to carry out 
a first authentication with the transmitting de- 
vice, for enabling the receiving device to oper- 
ate as a device that is allowed to communicate 
with the transmitting device, on a radio link lay- 
er of the radio communications; 
a first key exchange unit configured to generate 
a first encryption key and share the first encryp- 
tion key with the transmitting device when the 
first authentication with the transmitting device 
by the first authentication unit is success; 
a second authentication unit configured to carry 
out a second authentication with the transmit- 
ting device, for protecting copyright of the con- 
tents data to be transmitted, through an en- 
crypted radio communication using the first en- 
cryption key; 

a second key exchange unit configured to gen- 



a first authentication unit configured to carry out 
a first authentication with the transmitting de- 
20 vice, for enabling the receiving device to oper- 

ate as a device that is allowed to communicate 
with the transmitting device, on a radio link lay- 
er of the radio communications; 
a first key exchange unit configured to generate 
25 a first encryption key and share the first encryp- 

tion key with the transmitting device when the 
first authentication with the transmitting device 
by the first authentication unit is success; 
a second authentication unit configured to carry 
30 out a second authentication with the transmit- 

ting device, for protecting copyright of the con- 
tents data to be transmitted, through an en- 
crypted radio communication using the first en- 
cryption key; 

35 a second key exchange unit configured to gen- 

erate a second encryption key and share the 
second encryption key with the transmitting de- 
vice when the second authentication with the 
transmitting device by the second authentica- 
te tion unit is success; and 

a communication unit configured to set up an 
encrypted communication path which is en- 
crypted by using the second encryption key on 
the encrypted radio communication which is 
45 encrypted by using the first encryption key, and 

receive the contents data transmitted from the 
transmitting device through the encrypted com- 
munication path. 

50 9. A receiving device according to either of claims 7 or 
8, further comprising a reproduction unit configured 
to reproduce the contents data. 

10. A receiving device according to any of claims 7 to 
55 9, wherein the first authentication by the first au- 
thentication unit is success when a PIN code en- 
tered atthe receiving device and a PIN code notified 
from the transmitting device are in a prescribed re- 
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lationship. 

11. A receiving device according to claim 10, wherein 
each PIN code contains at least one of a varying 
code information, a prescribed code information, a 5 
body information acquired from a body of a user, 
and an attribute information regarding attributes of 
the user. 

12. A radio communication system, comprising a trans- 10 
mitting device for transmitting copyright protected 
contents data through radio communications, and 

a receiving device for receiving the contents data 
transmitted from the transmitting device, each one 
of the transmitting device and the receiving device 15 
having: 



13. A radio communication system, comprising a trans- 
mitting device for transmitting copyright protected 
contents data through radio communications, and 
a receiving device for receiving the contents data 55 
transmitted from the transmitting device, each one 
of the transmitting device and the receiving device 
having: 



a first authentication unit configured to carry out 
a first authentication between the transmitting 
device and the receiving device, for judging 
whether the transmitting device and the receiv- 
ing device are devices that are allowed to com- 
municate with the transmitting device or not, on 
a radio link layer of the radio communications; 
a first key exchange unit configured to generate 
a first encryption key and share the first encryp- 
tion key between the transmitting device and 
the receiving device when the first authentica- 
tion between the transmitting device and the re- 
ceiving device by the first authentication unit is 
success; 

a second authentication unit configured to carry 
out a second authentication between the trans- 
mitting device and the receiving device, for pro- 
tecting copyright of the contents data to be 
transmitted, through an encrypted radio com- 
munication using the first encryption key; 
a second key exchange unit configured to gen- 
erate a second encryption key and share the 
second encryption key between the transmit- 
ting device and the receiving device when the 
second authentication between the transmit- 
ting device and the receiving device by the sec- 
ond authentication unit is success; and 
a communication unit configured to set up an 
encrypted communication path which is en- 
crypted by using the second encryption key on 
the encrypted radio communication which is 
encrypted by using the first encryption key, and 
transfer the contents data from the transmitting 
device to the receiving device through the en- 
crypted communication path. 

14. A contents data transfer method in a radio commu- 
nication system comprising a transmitting device for 
transmitting copyright protected contents data 
through radio communications and a receiving de- 
vice for receiving the contents data transmitted from 
the transmitting device, the contents data transfer 
method comprising: 

carrying out a first authentication between the 
transmitting device and the receiving device, 
forjudging whether the transmitting device and 
the receiving device are devices that are al- 
lowed to communicate with the transmitting de- 
vice or not, on a radio link layer of the radio 
communications; 

generating a first encryption key and sharing 
the first encryption key between the transmit- 
ting device and the receiving device when the 
first authentication between the transmitting 
device and the receiving device is success; 
carrying out a second authentication between 
the transmitting device and the receiving de- 



a first authentication unit configured to carry out 
a first authentication between the transmitting 
device and the receiving device, for judging 20 
whether the transmitting device and the receiv- 
ing device are devices that are allowed to com- 
municate with the transmitting device or not, on 
a radio link layer of the radio communications; 
a first key exchange unit configured to generate 25 
a first encryption key and share the first encryp- 
tion key between the transmitting device and 
the receiving device when the first authentica- 
tion between the transmitting device and the re- 
ceiving device by the first authentication unit is 30 
success; 

a second authentication unit configured to carry 
out a second authentication between the trans- 
mitting device and the receiving device, for pro- 
tecting copyright of the contents data to be 35 
transmitted, through an encrypted radio com- 
munication using the first encryption key; 
a second key exchange unit configured to gen- 
erate a second encryption key and share the 
second encryption key between the transmit- 40 
ting device and the receiving device when the 
second authentication between the transmit- 
ting device and the receiving device by the sec- 
ond authentication unit is success; and 
a communication unit configured to transferthe 45 
contents data from the transmitting device to 
the receiving device through an encrypted com- 
munication path which is encrypted by using 
the second encryption key and provided on the 
radio link layer. so 
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vice, for protecting copyright of the contents da- 
ta to be transmitted, through an encrypted radio 
communication using the first encryption key; 
generating a second encryption key and shar- 
ing the second encryption key between the 5 
transmitting device and the receiving device 
when the second authentication between the 
transmitting device and the receiving device is 
success; and 

transferring the contents data from the trans- 10 
mitting device to the receiving device through 
an encrypted communication path which is en- 
crypted by using the second encryption key and 
provided on the radio link layer. 

15 

15. A contents data transfer method in a radio commu- 
nication system comprising atransmitting device for 
transmitting copyright protected contents data 
through radio communications and a receiving de- 
vice for receiving the contents data transmitted from 20 
the transmitting device, the contents data transfer 
method comprising: 

carrying out a first authentication between the 
transmitting device and the receiving device, 25 
for judging whether the transmitted device and 
the receiving device are devices that are al- 
lowed to communicate with the transmitting de- 
vice or not, on a radio link layer of the radio 
communications; so 
generating a first encryption key and sharing 
the first encryption key between the transmit- 
ting device and the receiving device when the 
first authentication between the transmitting 
device and the receiving device is success; 35 
carrying out a second authentication between 
the transmitting device and the receiving de- 
vice, for protecting copyright of the contents da- 
ta to be transmitted, through an encrypted radio 
communication using the first encryption key; 40 
generating a second encryption key and shar- 
ing the second encryption key between the 
transmitting device and the receiving device 
when the second authentication between the 
transmitting device and the receiving device is 45 
success; and 

setting up an encrypted communication path 
which is encrypted by using the second encryp- 
tion key on the encrypted radio communication 
which is encrypted by using the first encryption 50 
key, and transferring the contents data from the 
transmitting device to the receiving device 
through the encrypted communication path. 
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ABSTRACT: 

CHG DATE=20020403 STATUS=0> Between a 
transmitting device (101) and a receiving device 
(102) f a first authentication and key exchange 
procedure (13) depending on a radio link layer 
network is carried out, and then a whole or a part 
of a second authentication and key exchange 
procedure ( 16 ) depending on the copyright 
protected contents data is carried out by using 
the cipher communication using a first encryption 
key that is shared between the transmitting device 

(101) and the receiving device (102) by the first 
authentication and key exchange procedure, so that 
the contents data transfer by the cipher 
communication using a second encryption key can be 
carried out only between legitimate pair of the 
transmitting device (101) and the receiving device 

(102) that can successfully complete the first 

authentication . 
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